SUU Seal (for official use only)
 

POLICY #5.58 
SUBJECT: University E-Mail Policy


I. PURPOSE

This Policy describes the appropriate use of University Electronic mail (e-mail) accounts, associated responsibilities, and rights of all Users of the University e-mail system.


II. REFERENCES

  1. Emergency Management Plan (EMP)
  2. Family Education Rights and Privacy Act of 1974 (FERPA)
  3. Southern Utah University Policy 5.22 Data Governance and Protection Policy
  4. Southern Utah University Policy 5.39 Records Access and Management
  5. Southern Utah University Policy 5.51 Information Technology Resources
  6. Southern Utah University Policy 5.53 University Archives and Records Policy
  7. Southern Utah University Policy 5.54 Copyright Policy
  8. Southern Utah University Policy 6.22 Faculty Due Process
  9. Southern Utah University Policy 8.3.5 Termination of non-Academic Staff Employees and Disciplinary Actions
  10. Southern Utah University Policy 11.2 Student Conduct Code
  11. Southern Utah University Policy 11.3 Family Educational Rights and Privacy Act
  12. Utah Code § 63-2 Government Records Access and Management Act (GRAMA)
  13. Utah System of Higher Education Policy R840 Institutional Business Communications
  14. Acknowledgment
    1. University of Utah Electronic Messaging Policy

III. DEFINITIONS

  1. Business E-mail Communications: Any e-mail communication that an employee, officer, volunteer or other designated individual sends or receives as part of his or her duties on behalf of the University.
  2. Delegated (Proxy) Access: The ability of a User to grant access to another User in order to schedule and/or e-mail on their behalf.
  3. Functional Account: An e-mail account set up to facilitate communication for a particular University function, e.g., hostmaster@suu.edu, webservices@suu.edu, etc.
  4. Private Data: Private Data is information protected by statutes, regulations, University policies, or contractual language. Private Data access and use is limited to members of the University Community and authorized third parties who have a legitimate business purpose to access the data. Southern Utah University defines Private Data in the forms of Private Personal Information, Protected Health Information and Payment Card Industry Data. Examples of Private Data include but are not limited to: (a) full social security numbers, (b) bank account and/or investment account numbers, (c) driver’s license or state identification numbers, (d) passport or visa numbers, (e) alien registration numbers, and (f) account Usernames in conjunction with passwords and/or other security access codes or phrases that would permit access to individuals’ accounts.
  5. Resources: Software, licensing, hardware, network, and staffing for support of the SUU E-mail Service.
  6. SUU E-mail System: Any system providing e-mail services to SUU faculty, staff, students, and/or emeritus employees. This system may be managed and maintained by SUU, or may be hosted by a third-party vendor. The University controls the email accounts on the systems, regardless of hosting arrangements.
  7. SUU Enterprise E-mail Service: The part of the SUU E-mail System through which the University engages in official business, including @suu.edu and @bard.org. Enterprise E-mail service does not include a separate, affiliated E-mail service the institution offers to alumni, students, or other groups.
  8. The University: Southern Utah University (SUU).
  9. User: Any person who accesses and uses the SUU E-mail Service.

IV. POLICY

  1. Applicability: The policy applies to all Users of the SUU E-mail System.
  2. Access and Use
    1. The University provides an SUU Enterprise E-mail Service (@suu.edu) for legitimate University-related communications. The IT department manages the service, with the ability to add/remove accounts.
    2. The University provides an SUU Enterprise E-mail Service (@bard.org) for legitimate Utah Shakespeare Festival-related communications. The Festival’s Director of Facilities and Technology manages the service, with the ability to add/remove accounts.
    3. When conducting University Business E-mail Communications, University employees, officers, volunteers, or other designated individuals are required to use the University Enterprise E-mail Service (@suu.edu or @bard.org). Employees are explicitly prohibited from using any private or non-enterprise e-mail service for institutional e-mail business.
    4. The University Enterprise E-mail Service (@suu.edu and @bard.org) is to be used for University Business E-mail Communications only. Users are explicitly prohibited from using the University Enterprise E-mail Service for non-University business including personal use.
    5. The University provides SUU E-mail Accounts (@suumail.net) to all students desiring such an account. It is intended that these accounts are available for as long as the host maintains the service and the individual chooses to maintain their account, subject to the University’s discretion in length of retention. These accounts are part of the SUU E-mail System but not the SUU Enterprise E-mail Service and are not intended to be used by student employees in fulfillment of their job duties.
    6. The University provides SUU E-mail Accounts (@emeriti.suu.edu) to all emeriti faculty/staff desiring such an account. Arrangements should be made with the IT department as part of the retirement process. It is intended that these accounts are available for as long as the host maintains the service and the individual chooses to maintain their account, subject to the University’s discretion in length of retention. These accounts are part of the SUU E-mail System but not the SUU Enterprise E-mail Service and are not intended to be used by employees in fulfillment of their job duties.
  3. Privacy & Security
    1. Users shall respect the legitimate expectations of privacy of others.
    2. Users should not consider e-mail to be private or secure. For example, messages addressed to nonexistent or incorrect e-mail addresses may be delivered to unintended recipients. Users agree not to send e-mail messages containing information considered to be Private Data.
    3. Users are responsible for safeguarding their passwords. Individual passwords should not be written down, printed, or shared with others (including family members).
    4. A User may grant Delegated (Proxy) Access to another User in the SUU Enterprise E-mail Service. Requests for Delegated (Proxy) Access must be approved by the User whose account will be accessed.
    5. Users are advised that e-mail messages on the SUU E-mail System may constitute “public records” and/or “student records,” and SUU is authorized and may be obligated to disclose e-mail messages to law enforcement officials and others, on legally-supported grounds, including but not limited to the Government Records Access and Management Act (GRAMA), the Family Education Rights and Privacy Act (FERPA), subpoenas, litigation/discovery requests and court orders, with or without prior notice.
  4. Monitoring: The University reserves the right, but not the duty, to monitor any and all aspects of its SUU E-mail System, including all related accounts, for University purposes, including but not limited to the following circumstances:
    1. The University, in its sole discretion, may deem it necessary to monitor its system for purposes of maintaining the integrity and effective operation of the e-mail systems. All monitoring for these purposes will be approved by the University’s Chief Information Officer or their designee.
    2. The University may monitor its system in relation or response to a particular problem, complaint, investigation, safety or security issue, legal/litigation hold or in anticipation of a claim or lawsuit. All monitoring for these purposes, or for any other purpose under this policy, will be approved by the University’s General Counsel, in cooperation with the President or the University’s assigned Assistant Attorney General.
  5. Bulk E-mail
    1. Marketing Communication, Human Resources, and the President’s Cabinet Members may send messages to the entire faculty, staff, administration, and/or student body. Additionally, the Chief of Police or their designee, and individuals authorized by the President’s Cabinet Members may send bulk email in the case of a campus emergency, or in the fulfillment of duties which require specific distribution by bulk email (e.g., the Annual Security & Fire Safety Report).
    2. IT staff, with authorization from the Chief Information Officer, may send bulk e-mail as needed to inform the campus community of computing-related issues.
    3. Faculty members are permitted to send e-mail messages to groups of students currently enrolled in a course. E-mail content must be relevant to that course.
    4. Deans, Department Chairs, Academic Advisors, Staff Directors, and Managers, or their appointed designees, are permitted to send e-mail messages to large groups of students, faculty, or staff if they are currently part of that person’s professional responsibilities and the e-mail content is relevant to those responsibilities.
    5. Alumni Relations may send e-mail messages to current and former SUU students.
    6. Enrollment Management may send e-mail messages pertaining to their mission of recruitment and retention.
    7. The Registrar’s Office may send e-mail messages to current students and graduates as needed to inform them of registration and graduation issues.
    8. The Office of the Vice President of Student Affairs and the Provost’s Office are permitted to send e-mail messages to groups of students, or the entire student body as needed.
    9. The Faculty Senate Executive Committee may send e-mail messages to groups of faculty or the entire faculty as needed.
    10. The Staff Association Officers may send e-mail messages to groups of staff members or the entire staff membership as needed.
    11. Additional entities may be granted permission to send e-mail messages to identified constituencies based on the approval from the appropriate President’s Cabinet Member.
    12. Other individuals not listed above, wishing to message all or part of the student body, faculty, and/or staff, should use the mySUU Portal messaging system.
  6. Abuses of E-mail
    1. The SUU E-mail System shall not be used for any activity that violates SUU Policy 5.51, other relevant University policies, or state or federal law.
    2. Any use of the SUU E-mail System that interferes with University activities and/or functions is improper and prohibited.
    3. The following are some specific actions and uses of the SUU E-mail System that are considered improper. This list is not intended to be all inclusive:
      1. Concealment or misrepresentation of names or affiliations in e-mail messages.
      2. Alteration of source or destination address of e-mail.
      3. Use of e-mail for commercial or private business purposes that have not been approved.
      4. Use of e-mail to harass or threaten individuals, including “cyber stalking.”
      5. Contains material which violates pornography laws.
      6. Contains algorithms or software which, if transferred, violate United States export laws.
      7. Contains scripts or code that could cause a security breach or permit use of Resources in opposition to University policy.
    4. As described in SUU Policy 5.54, sharing of copyrighted material without permission may constitute infringement unless permitted by fair use or other federal laws.
    5. SPAM: Sending unwanted e-mail messages to a large population abuses the e-mail service and results in fewer Resources for University purposes. Sending e-mail messages to more than 10 Users, whether as a single message or as a series of related messages, is expressly prohibited by this policy, except for communication detailed in Section IV.E.
  7. E-mail System Management
    1. Functional Accounts may help employees better organize and facilitate e-mail communication for a particular function. Functional Accounts also provide the ability for multiple people to be able to proxy into that single account to help manage the function, without having to have multiple individuals’ proxy into each other’s mailboxes. Functional Accounts may be created once the need is demonstrated.
    2. Due to an increased threat landscape on the Internet, certain attachments may be prevented from entering the SUU Enterprise E-mail Service.
  8. Student Preferred E-mail Expectations: Students may prefer to use a personal e-mail account for their communication with the University. This is permitted with the following understanding:
    1. The student is expected to update/confirm their preferred e-mail address at least once per semester and/or as changes occur.
    2. The student is responsible for all communications sent by the University to their preferred e-mail address, as provided by the student, regardless of whether the message was received or opened by the student.
    3. The University reserves the right to send e-mail to any e-mail address on file, including @suumail.net and @emeriti.suu.edu addresses.
  9. E-mail Directory: An e-mail directory of University faculty, staff, and students is available in the mySUU portal. Students who prefer that their directory information be kept private may request such through the Registrar’s Office.
  10. E-mail Retention and Disposal: E-mail coming into and sent from an SUU Enterprise E-mail Service is archived and retained throughout the term of an employee’s employment, and in accordance with applicable law. Archived e-mail will typically be deleted 60 days after an employee’s termination date, although any e-mail within the SUU E-mail System may be retained longer at the University’s discretion.
  11. Third-Party Vendors: E-mail services provided by a third-party vendor are also subject to the vendor’s policies in addition to this Policy.
  12. Sanctions
    1. Members of the University community who violate this Policy may be subject to disciplinary action as described in SUU Policy 6.22, SUU Policy 8.3.5, SUU Policy 11.2, and/or any other relevant disciplinary policies.

V. RELEVANT FORMS/LINKS

N/A


VI. QUESTIONS/RESPONSIBLE OFFICE

The responsible office for this Policy is the Vice President for Finance. For questions about this Policy, contact the Chief Information Officer.


VII. POLICY ADOPTION AND AMENDMENT DATES

Date Approved: January 13, 2012

Amended: September 27, 2019